iOS IPSec dial up VPN not getting DNS setting
I am setting up an iOS IPSec VPN and followed everything in this guide
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/311726/ios-device-as-dialup-...
So far I can access the local network but only via IPs. Hostnames do not work. Clients can ping the DNS server but the client can't seem to get any resolution.
Is there a problem in this guide, or is it lacking any steps? I tried searching other KBs, but they don't seem to work either.
Check if the port 53 (DNS) traffic is allowed. Also, take a packet capture on the incoming and outgoing interfaces of the firewall. You can run the following debugs:
di de flow filter addr <src machine ip>
di de flow filter port 53
di de flow show function-name en
di de flow trace start 100
di de en
On a separate CLI, run the following:
di sniffer packet any 'host <dns ip> and port 53' 4 0 l
Initiate the DNS request and provide the output from the above debugs.
To disable debugs:
di de dis
Hello @maplesyrup
Can you please check this document: make sure the DNS suffix is set on the IPsec phase1 configuration.
